App Privacy Policy

Effective Date: 03/07/2024


1 INTRODUCTION 


Welcome to MyDay's Privacy Policy. MyDay is committed to protecting and respecting your privacy.

1.1 This Privacy Policy (“Policy”) explains how we collect, use, and protect your personal information when you use our mobile application (“app”) and services. By using the MyDay app, you agree to this Policy. This Policy explains what data we collect about you and how we store, analyse and share the data we collect about you through our website and the app. This Policy applies to all Personal Information whether collected online or offline. The Policy also explains your rights with regards to your data, and how to contact us to request access, corrections, transfer, restriction, or deletion of the data we have collected about you.

1.2 MyDay is a wellbeing app provided by Evexia Health International Ltd (“MyDay”, "we," "us," or "our") a company registered in England and Wales with company number 12935845, whose registered office is Woodwater House, Pynes Hill, Exeter, Devon, United Kingdom EX2 5WR. Our app and the programs within are paid for by your employer, your spouse’s employer, or another sponsoring organization (the “Sponsor”).

1.3 Evexia Health International Ltd (trading as MyDay) is the data controller responsible for your personal data.


2 ABOUT THIS PRIVACY POLICY

2.1 Please take the time to read this Privacy Policy, which is part of our Terms and Conditions. If you have any questions about this Privacy Policy or our use of your information you can contact us at hello@myday.health. You also have the right to make a complaint to the relevant Supervisory Authority about our use of your information (in most cases under this Privacy Policy the relevant Supervisory Authority will be the Information Commissioner’s Office).

2.2 We process your personal data on the basis that you have provided your consent for us to do so for the purposes set out below when you submitted your personal data to us. You may withdraw your consent to this processing at any time by contacting us at hello@myday.health. If you do withdraw your consent, we may still be able to process some of the data that you have provided to us on other grounds and will notify you of these at such time, however you will be unable to access the app and the services there in.

2.3 This Privacy Policy may change from time to time and, if it does, the up-to-date version will always be available on the website and the app (“services”). Please note that by continuing to use our services you are agreeing to any updated versions.

3 INFORMATION WE MAY COLLECT ABOUT YOU

3.1 We may collect and process the following data:

(a) Information you give to us directly. When you sign up to use the services you may give us information about you. The information you give to us may:

(i) General information: When you sign up to use the services, we may collect personal data such as your name, phone number, email address, year and month of birth, employee identification number, password, the comments and contributions you may make on the web-based platform or mobile application, place of residence and location information including time zone and language. We may be able to infer your sex and/or gender by your use of the Services.

(ii) Sensitive Personal Information: When you use the Services, you can choose to input personal data about yourself, such as your weight; height; body mass index. We may be able to infer your pregnancy, stages to your menstrual cycle related information or other information, like your physical and mental well-being, water intake and sleep duration by your use of the Services.

(iii) Information we receive from other sources and third party services (including wearables): With your consent, you may also allow us to connect to third-party services, such as Apple HealthKit, Google Health Connect and Rook. This enables us to import information about your health and activities into the App without the need for you to log it yourself. This imported data may include fitness activities, weight, height, BMI, calories burned, heart rate, number of steps/distance travelled, body temperature, sleep and other activity data. This data provides you with general insights into your activities and helps us to make better recommendations and track activity related to your performance in the app. We will process this data inured to provide you with App functionality and features. Importing this data is subject to the GoogleHealth Connect, Apple HealthKit and Rook privacy policies and terms. Please also check the applicable terms and privacy policies of the wearable devices that you may use to connect to Myday. Your wearable provider may collect usage data relating to your connection for its own business purposes, including to improve its services.

(b) Information we collect about you automatically. When you access or use the Services, we may automatically collect the following information:

(i) Device information: device model; information about the operating system and its version; unique device identifiers; enabled device accessibility features (e.g., display features, hearing features, and physical and motor features); mobile operator and network information; device storage information or version of your device system.

(ii) Location information: information about your visit, including the URL clickstream to, through and from the Website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs); IP address for an approximate location (not precise location); time zone or information about your mobile service provider.

(iii) Data about your use of the Services, including: frequency of use; areas and features of the services that you access or use; or engagement with particular features.

4 USE OF COOKIES

The Website uses cookies to distinguish you from other users, to improve your experience on our Website, and, to recommend content that may be of interest to you. For more information, please view our Cookies Policy HERE.

5 HOW WE WILL USE YOUR INFORMATION

5.1 We may use your information for the following purposes:

(a) To track your progress in the activities included in the app and, if applicable, track activity related incentives and rewards;

(b) To support the existing functions of the App, including tailored content, insights and materials you see when you use the App based on: the data you provide within the App; the activities you have selected for participate in and the App features you engage with; information obtained from connected third-party services (like AppleHealthKit, Google Health Connect and Rook API);

(c) To provide you with information about our services and their features;

(d) To respond to your questions and requests; and

(e) To provide appropriate security and confidentiality controls to protect your Personal Information.

(f) to customise the services according to your interests and improve our services;

(g) to administer our services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey responses;

(h) to allow you to participate in interactive features of our services when you choose to do so;

(i) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;

(j) to comply with the applicable law/s;

(k) as we feel is necessary to prevent illegal activity or to protect our interests.

6 Lawful Basis for Processing (UK GDPR). We will only process your personal data if we have a lawful basis for doing so. The lawful bases we rely on are:

6.1 Your consent

6.2 The performance of a contract with you and your Sponsor

6.3 Compliance with a legal obligation

6.4 Protecting your vital interests performing a task in the public interest

6.5 Our legitimate interests.

7 DISCLOSURE OF YOUR INFORMATION

7.1 Disclosure of your information We may share your personal information with any member of Myday group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

7.2 If we share your information with third parties they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data. We will only share your personal data in compliance with the applicable data protection legislation.

7.3 We will not sell or rent your personal data for monetary gain. We will not disclose your personal data except as otherwise described in this Privacy Policy. We will share your personal data with our service providers who support our Services as described in this Privacy Policy. We will also not use information received through your use of the Apple HealthKit or Google Health Connect framework for advertising or similar services, or sell it to advertising platforms, data brokers, or information resellers.

7.4 We may share anonymized and aggregated data with your Sponsor. Your Sponsor will not be able to use such anonymized or aggregated data to directly identify you. However, your Sponsor may use the anonymized information at its discretion, including to evaluate the overall program, as well as to provide additional benefits, programs, and services. In specific circumstances and for limited purposes, such as to ensure proper administration or to support tax compliance, we may share reports containing identifiable information with your Sponsor. In these circumstances, we limit the personal information to the least amount necessary to support the specific, necessary purpose. If your activity information indicates there may be an abnormality or abuse, we may share your activity information with your Sponsor and make adjustments, or suspend or terminate your account, in accordance with your Sponsor’s instructions.

7.5 We may disclose your information to third parties when:

(a) you specifically request this;

(b) other companies’ products and services may interest you and you have provided explicit consent to receive such correspondence;

(c) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

(d) if the we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or

(e) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of the Website, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

7.6 The third parties include:

(a) business partners, clients, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and

(b) analytics and search engine providers that assist us in the improvement and optimisation of the Website.

(c) At the request of your Sponsor, we may combine Personal Information from third-party databases with Personal Information from our services to deliver you targeted messages related to the myday and its uses. Combining datasets for a client in this way may be deemed to constitute a sale of Personal Information under certain laws. Subject to any limitations imposed by applicable laws, We reserve the right to disclose Anonymous Data at Our discretion.

8 STORAGE OF YOUR PERSONAL DATA

8.1 Myday is based in the UK. Personal data we collect may be transferred to and processed in the US (where it is governed by US law) and/or to other countries (where it is governed by the applicable laws of those countries). These transfers are usually cloud-based, and can occur when you engage with our Services and are subject to our retention policies. The laws of other countries may not offer the same protections as the laws of your jurisdiction.

8.2 International Data Transfers:

(a) Personal data in the EEA and the UK is protected by the GDPR and the UK GDPR. When transferring personal data outside of these locations, we will always apply appropriate safeguards in accordance with the law to ensure your personal data is protected. For example, we enter into data transfer agreements that incorporate the European Commission approved Standard Contractual Clauses and carry out transfer risk assessments. For further information, please email us at hello@myday.health.

(b) We may transfer the personal information we collect through the channels to, and store such data in, other countries, including the U.S., which may have different data protection laws than the country in which the information was provided. If we do so, we will transfer the personal information only for the purposes described in this Policy. To the extent required by applicable law, when we transfer your personal information to recipients in other countries, we will take measures to protect that information.

8.3 We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. All personal information you register on the app will be located behind a firewall. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data. So, we cannot accept any liability for the loss, theft or misuse of the personal information which you have provided during the use of our services, if there is a security breach.

8.4 We will keep your information stored on our systems for as long as it takes to provide the services to you. The third parties we engage to provide services on our behalf will keep your data stored on their systems for as long as is necessary to provide the services to you. We will not store your information for longer than is reasonably necessary or required by law.

9 YOUR RIGHTS

9.1 Even if you have accepted the processing of your personal data for marketing purposes (by ticking the relevant box), you have the right to ask us to stop processing your personal data for such purposes. You can exercise this right at any time by contacting us at hello@myday.health.

9.2 The app may, from time to time, contain links to and from the websites of advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

9.3 From 25 May 2018, you will be entitled to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another data controller. The types of data that can be provided are those set out at paragraph 3.1 above. You can exercise this right by contacting us at hello@myday.health.

9.4 Your Rights Under the UK GDPR, you have the following rights:

a) The right to be informed about the collection and use of your personal data

b) The right to access your personal data and obtain information about how we process it

c) The right to rectification of inaccurate or incomplete personal data

d) The right to erasure of your personal data (the "right to be forgotten")

e) The right to restrict processing of your personal data

f) The right to data portability, allowing you to obtain and reuse your personal data for your own purposes across different services

g) The right to object to processing of your personal data in certain circumstances

h) Rights related to automated decision-making, including profiling

10 ACCESS TO INFORMATION

10.1 European Data Protection Legislation gives you the right to access information held about you. You are entitled to be told by us whether we or someone else on our behalf is processing your personal information; what personal information we hold; details of the purposes for the processing of your personal information; and details of any third party with whom your personal information has been shared. In the event that an access request is unfounded, excessive or especially repetitive, we may charge a ‘reasonable fee’ for meeting that request. Similarly, we may charge a reasonable fee to comply with requests for further copies of the same information (that fee will be based upon the administrative costs of providing the information). Sometimes you may be asked to provide proof of identity before we show you your personal information - that's so we can prevent unauthorised access. Your rights to access, rectify such information, object or cancel the information we hold about you can be exercised at any time by contacting us at hello@myday.health.

10.2 Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently received personal data from a child under the age of 18, we will delete such information from our records. If you believe that we might have any information from or about a child under 18, please contact us at hello@myday.health.

10.3 Retention of Your Information

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

11 ADDITIONAL INFORMATION & JURISDICTION SPECIFIC NOTICES

11.1 Notice to California Residents 
This Notice to California Residents (“Notice”), in conjunction with the Privacy Policy above, describes how we collect, use, and disclose personal information of California residents within the scope of the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (“CCPA”), as well as your rights in connection with this information. Your continued use of the Channels means that you accept the activities described in this Notice and the Privacy Policy.

11.2 Notice to United States Residents

HIPAA Compliance: As we handle sensitive health information, we are committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) regulations. This means that we implement additional safeguards to protect your health information, ensuring confidentiality, integrity, and availability of protected health information (PHI).

12 CHANGES TO OUR PRIVACY POLICY

We may update this privacy policy from time to time. Any changes we make will be posted on this page, and where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

13 CONTACT

Questions, comments and requests regarding this Privacy Policy should be addressed to our Data Protection Officer:

Name: James Parkes

Address: Edgcumbe, Moorhaven, Bittaford, PL21 0EX

Email address: JamesParkesmyhello@myday.health

Telephone number: +447793185448:

14 DEFINITIONS

14.1 For the purposes of this Privacy Policy, "Data Protection Legislation" is defined as, for the periods in which they are in force, all applicable data protection and privacy legislation in force in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) and any equivalent legislation amending or replacing such legislation.

14.2 “Personal Data”, “Controller”, “Processor”, “Data Subject” and “Supervisory Authority” shall have the meaning given to them in the Data Protection Legislation.